<?php
include("../db_connect.php");

$replace[] = ' ';
$find[] = ',';
$name = "";
$address ="";
$type = "";


if(isset($_GET["name"])){
$name = mysql_real_escape_string(htmlentities(trim($_GET["name"])));
$$name = $name;
}
if(isset($_GET['address'])){
$address = mysql_real_escape_string(htmlentities(trim($_GET["address"])));
$address = $address;

}
if(isset($_GET['type'])){
$type = mysql_real_escape_string(htmlentities(trim($_GET['type'])));
$type = $type; 

}
$name = str_replace($find, $replace, $name);
$sql = "SELECT * FROM tblmanufacturer WHERE manufacturename like '%".$name."%'";
if($address != ""){
$address = str_replace($find, $replace,$address);
$sql .= " AND address like '%".$address."%' ";

}
if($type != ""){
$type = str_replace($find, $replace, $_GET['type']);
	$sql .= " AND itemtype like '%".$type."%' ";
}

$sql .= " order by manufacturename ASC";

$result = mysql_query($sql) or die(mysql_error());

if(mysql_num_rows($result)<1 ){
	echo '<div style="padding:10px;"><h3 style="color:white;" >No Item Found</h3></div>';
	die();
}
else{
	$display ="";
	$display .="
		<table border='1' width='100%' style='background-color:gray;'>
		<tr style=' background-color:#ba3e3f;'>
			<td>Name</th>
			<td>Address</td>
			<td>Type</td>
		</tr>
	";
	while($row = mysql_fetch_array($result)){
		$display .='<tr>
			<td>'.$row['manufacturename'].'</td>
			<td>'.$row['address'].'</td>
			<td>'.$row['itemtype'].'</td>
		
		</tr>';
	
	}
	$display .="</table>";

}
echo $display;



?>